One of the less sexy but more important announcements at Google I/O last month was that Google is adopting part of Samsung's enterprise (as in corporate) security system into the L release of Android. The short version is that it'll be easier than ever to have your work data on your phone alongside your personal data, but the two will be secure and completely sandboxed. (You can get an early look at it now in the L Developer Preview, if you're so inclined.)
Today, Google and Samsung have dropped a little more info on exactly what's going on.
The grossly oversimplified version is that Google will leverage the existing profile feature — currently available on Android tablets — and use it to create a managed profile that has some centralized control for IT policy managers. In the example code provided by Google, developers can learn how to create a basic managed profile. The tools allow policy managers to:
- Enable or disable other apps, and set restrictions on them.
- Configure intents to be forwarded between the primary account and the managed profile.
- Wipe all the data associated with the managed profile.
In addition, there can only be one managed profile on a device at a time.
We're sure that there's even more to learn here, and we'll hear about it as we get closer to the Android L launch. The new methods of control over Android intents sound very interesting, and may be exactly the secret sauce Google needs to get a foot in the enterprise door. I can see situations where you're unable to send a Google Drive document to your personal email, nor can you import a file from a non-managed app to a managed one.
This sort of device security is tough, and up until now only BlackBerry really does it right with a BES server. Google has a chance to change that and what we're seeing looks like a good set of tools to move forward with.